That is part of the nasty thing early on. Detectors only found it AFTER the payload had been delivered as it was some form of polymorphic .exe with scripting that just didnt get picked up. What did was URLs and keywords in the text files they make when they have done the deed.

I't wasn't attaching to files to encrypt them, it was being done externally on a TSR. So unless you specifically had the definitions like you say at 0day which is hard to, it was easily missed unless you checked memory or odd .exe and reg changes.

Drive-by malware has been around for years. ... Some are not even in the browser - the usual culprits are Java applets and Flash.

Hate to say it, but Dead Steve Jobs was right!No Flash, none at all, not ever. Just uninstall it.

Some web sites won't work anymore, too bad, complain to them that they're using a well-known malware vector and you're going elsewhere.Then go elsewhere.How may times would you go to a restaurant that gave you norovirus?

Drive-by malware has been around for years. Vulnerabilities have also been around for years - one is fixed another one shows up. Some are not even in the browser - the usual culprits are Java applets and Flash.

True but usually if you have the latest updates you were ok.

In the past, generally the worst exploits require you to open a file (assuming one is applying OS updates).

The OP seems to be saying it has recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed.

"recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed."

Symantec and others have been warning of drive-by downloads for years now, and no, never required users to open files. Drive-by malware by definition almost always used an exploit that leverage some know vulnerability to automatically start some action - usually a zero-day vulnerability.